GET /_ld/0/76_1908_Crash..rar HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
|
195.216.243.40
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
--- Additional Info ---
Magic: HTML document text\012 exported SGML document text
Size: 2665
Md5: 4e8e963aac9e640a6a77df78ae5081c2
Sha1: 651bd0fdba4763620d267d4ff4b3994ac57f5374
Sha256: bf08c841f19786c02634029d819c7807594b1c713645cbabc02250aae1e4d014
Alerts:
IDS:
- ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
|
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
216.58.209.138
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 32954
Date: Mon, 02 Jul 2018 22:36:55 GMT
Expires: Tue, 02 Jul 2019 22:36:55 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 745815
--- Additional Info ---
Magic: gzip compressed data, max compression
Size: 32954
Md5: 68263720f8747715639ad6a9020dd9fa
Sha1: 121c84759a7366e4a22da1c55f07bd25a3c3a6d9
Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
|
GET /.serr/css/style.css HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
195.216.243.40
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-4c25"
Content-Encoding: gzip
--- Additional Info ---
Magic: gzip compressed data, from Unix
Size: 4288
Md5: d0f39f32aaa12c4c859ceaa37cfc1939
Sha1: 4357fcee86a3ad7021ee86c488637b64a8fb5c71
Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a
Alerts:
IDS:
- ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
|
GET /.serr/js/core.js HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
195.216.243.40
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-19e"
Content-Encoding: gzip
--- Additional Info ---
Magic: gzip compressed data, from Unix
Size: 234
Md5: 6d2afededfa7410e2a2a1e4ac9bebb2e
Sha1: f83e4b38412d51d14d6ccae931ec81152ce4ed9b
Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e
|
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
|
195.216.243.40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip
--- Additional Info ---
Magic: gzip compressed data, from Unix
Size: 2561
Md5: 5585aa3a5ee4b83b05b5ca496a21e659
Sha1: dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905
Alerts:
IDS:
- ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
|
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
77.88.21.119
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:10 GMT
Content-Length: 184
Connection: keep-alive
Location: https://mc.yandex.ru/metrika/watch.js
--- Additional Info ---
Magic: HTML document text
Size: 184
Md5: 803493a1e438da1e67b84a76fa86bdda
Sha1: 9dca8b04cd8f0f715f14546b5f747aabbba7de47
Sha256: 82e7512bb763ef84d4ff4c9f8998fbff4b461ee5416741db743d5e4584d2ec45
|
GET /.serr/img/ulogo.svg HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css
|
195.216.243.40
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Content-Length: 4235
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-108b"
Accept-Ranges: bytes
--- Additional Info ---
Magic: SVG Scalable Vector Graphics image\012 XML document text
Size: 4235
Md5: 993299552bfd263cd4a75ad398e75b58
Sha1: 3fc9ad991516b8ad0c6553a05de4a8c9759c5020
Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5
|
GET /.serr/img/404.png HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css
|
195.216.243.40
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:11 GMT
Content-Length: 93328
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-16c90"
Accept-Ranges: bytes
--- Additional Info ---
Magic: PNG image, 555 x 289, 8-bit/color RGBA, non-interlaced
Size: 93328
Md5: b49480282d51d93c68a9d6fefd3fdbde
Sha1: ea45a1ca56f4d4342316c357a6d4b961a775ccb8
Sha256: 12c702f931513d9a38b2d17ee2acae1308486e7b38fab5adc84c1f02b72ac620
Alerts:
IDS:
- ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
|
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request
|
104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jul 2018 13:47:11 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d649833144e207800a58950a63cdc20da1531316831; expires=Thu, 11-Jul-19 13:47:11 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Wed, 11 Jul 2018 13:05:44 GMT
Expires: Sun, 15 Jul 2018 13:05:44 GMT
Etag: "9e90d6a48d363805266a5985b72f36311ba55af2"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 438bb8746455429d-OSL
--- Additional Info ---
Magic: data
Size: 1570
Md5: f244a8b59d7371c466a8a4c04a05297e
Sha1: 9e90d6a48d363805266a5985b72f36311ba55af2
Sha256: bb326e16b1317f170c8c7b5408b86778412caf570fa1975184763d260b0c5a59
|
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
77.88.21.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:11 GMT
Content-Length: 42893
Last-Modified: Wed, 11 Jul 2018 12:52:56 GMT
Connection: keep-alive
Etag: "5b45fda8-a78d"
Content-Encoding: gzip
Expires: Wed, 11 Jul 2018 14:47:11 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
Magic: gzip compressed data, from Unix, last modified: Wed Jul 11 13:20:33 2018
Size: 42893
Md5: b25438f962bb390cdb31b6764d2d8324
Sha1: 53360eb8759c949facd30b24dfc4d1b0f40db7b7
Sha256: c993c4cc851f929d93e0897b8d0a5f0e847b95a191510e0f9bb769dd1a67d8f3
|
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
77.88.21.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:12 GMT
Content-Length: 61
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Connection: keep-alive
Etag: "561bb0f5-3d"
Content-Encoding: gzip
Expires: Wed, 11 Jul 2018 14:47:12 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
Magic: gzip compressed data, was "advert.gif", from Unix, last modified: Mon Oct 12 15:06:12 2015
Size: 61
Md5: aad2d5e940637a676e25e6cc7a684a83
Sha1: c77946775d4c1719c48eb691edfbcf873b0738f5
Sha256: d9d219b8ba39a549d43400945b848dde73269f25dab5b75b85439c451ca0a525
|
OPTIONS /watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST
|
77.88.21.119
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:12 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
|
GET /watch/24122689?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
|
77.88.21.119
HTTP/1.1 302 Found
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:12 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 11 Jul 2018 13:47:12 GMT
Expires: Wed, 11 Jul 2018 13:47:12 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: yandexuid=9810880001531316832; domain=.yandex.ru; path=/; expires=Thu, 11-Jul-2019 13:47:12 GMT
yabs-sid=890197201531316832; path=/
i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; Expires=Thu, 11-Jul-2019 13:47:12 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832; domain=.yandex.ru; path=/; expires=Sat, 08-Jul-2028 13:47:12 GMT
Location: https://mc.yandex.ru/watch/24122689/1?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
Magic: gzip compressed data, from Unix
Size: 1171
Md5: 3b654d8f23f835babd9fb5337f91ddaf
Sha1: 72b1bd508b3c850d75c55a85718473c076acea45
Sha256: 2ee9ce85f16481613a1fa097da5a4a0fc2ff1ae5f91264e3e770106b95c2d167
|
GET /watch/24122689/1?wmode=5&callback=_ymjsp657322727&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154711%3Aet%3A1531316832%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1183724667749%3Arqn%3A1%3Arn%3A22350734%3Ahid%3A478011455%3Awn%3A32318%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316833%3Au%3A153131683259207810%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=9810880001531316832; yabs-sid=890197201531316832; i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832
|
77.88.21.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:12 GMT
Content-Length: 111
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 11 Jul 2018 13:47:12 GMT
Expires: Wed, 11 Jul 2018 13:47:12 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
Magic: ASCII text, with no line terminators
Size: 111
Md5: aa17e56a9cd96530f4a89ade380d7703
Sha1: 131cf2d656c5c94250f6a1ddc05a52070b79e15d
Sha256: 517dbb33606a37a06d6a1d28644a7cd752b6e362458375c396cc39da97632701
|
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=153131683259207810; _ym_d=1531316832; _ym_isad=2; _ym_visorc_24122689=w
|
195.216.243.40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Wed, 11 Jul 2018 13:47:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip
--- Additional Info ---
Magic: gzip compressed data, from Unix
Size: 2561
Md5: 5585aa3a5ee4b83b05b5ca496a21e659
Sha1: dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905
Alerts:
IDS:
- ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
|
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154727%3Aet%3A1531316848%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A1183724667749%3Arqn%3A2%3Arn%3A99341180%3Ahid%3A478011455%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316848%3Au%3A153131683259207810 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST
|
77.88.21.119
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:27 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
|
GET /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180711154727%3Aet%3A1531316848%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A1183724667749%3Arqn%3A2%3Arn%3A99341180%3Ahid%3A478011455%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531316848%3Au%3A153131683259207810 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=9810880001531316832; yabs-sid=890197201531316832; i=tX+Mtf72gsqlAXAwwpDRn0wqcl/F/6ForJH6OI8oPyRlZN9b337zeTA1//513QrgTikmLRkHuNq9HdWrtrKa/iXBjTE=; yp=1562852832.yrts.1531316832#1562852832.yrtsi.1531316832
|
77.88.21.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Wed, 11 Jul 2018 13:47:27 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 11 Jul 2018 13:47:27 GMT
Expires: Wed, 11 Jul 2018 13:47:27 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
--- Additional Info ---
Magic: GIF image data, version 89a, 1 x 1
Size: 43
Md5: df3e567d6f16d040326c7a0ea29a4f41
Sha1: ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
|